CVE-2023-32556

Опубликовано: 26 июн. 2023

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Описание

A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Ссылки

https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US
Patch
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-23-651/
Third Party Advisory
VDB Entry
https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US
Patch
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-23-651/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:*:*:*

Версия до 14.0.12105 (исключая)

cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 19%

0.00059

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-59

Связанные уязвимости

GHSA-rxxg-crv8-fgvm

CVSS3: 5.5

github

больше 2 лет назад

A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

BDU:2023-02872

CVSS3: 5.5

fstec

почти 4 года назад

Уязвимость службы Apex One NT RealTime Scan (ntrtscan.exe) антивирусных программных средств Trend Micro Apex One и Apex One as a Service, позволяющая нарушителю выполнить произвольный код и получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 19%

0.00059

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-59